<!--  Nguyen Huu Nhat -->
<?php 
// The HTML comment above the opening <?php tag is already output, so unless
// output buffering is on the session cookie headers can no longer be sent;
// the @ keeps that warning out of the page.
@session_start();
include '../DataBase/ConnectDB.php';
include '../Security/CheckAdmin.php';
include '../Home/DefineVar.php';

// $link and MYSQL_DATABASE come from the includes above. On failure the
// driver's error text is echoed straight to the browser.
if (!mysql_select_db(MYSQL_DATABASE, $link)) {
	exit('Could not select database'.mysql_error());
}
	
	/**
	 * Normalise the posted isAdmin flag to the 1/0 value written to the isadmin column.
	 *
	 * @param mixed $isAdmin any value; only its truthiness matters
	 * @return int 1 when $isAdmin is truthy, otherwise 0
	 */
	function checkAdmin($isAdmin){
		return $isAdmin ? 1 : 0;
	}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<?php
////////////////////////////////////////////////////////////////////////
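// Form fields for this request. Each value is run through
// mysql_real_escape_string() on $link because every one of them is placed
// inside a quoted literal of an SQL statement further down. A field the form
// did not send is treated as '' instead of raising an undefined-index notice.
$accountName = mysql_real_escape_string(isset($_POST['accountName']) ? $_POST['accountName'] : '', $link);
$pass = mysql_real_escape_string(isset($_POST['pass1']) ? $_POST['pass1'] : '', $link);
$fullName = mysql_real_escape_string(isset($_POST['fullName']) ? $_POST['fullName'] : '', $link);
$mail = mysql_real_escape_string(isset($_POST['mail']) ? $_POST['mail'] : '', $link);
$phone = mysql_real_escape_string(isset($_POST['phone']) ? $_POST['phone'] : '', $link);
$address = mysql_real_escape_string(isset($_POST['address']) ? $_POST['address'] : '', $link);
$isAdmin = mysql_real_escape_string(isset($_POST['isAdmin']) ? $_POST['isAdmin'] : '', $link);
$userId = mysql_real_escape_string(isset($_POST['userId']) ? $_POST['userId'] : '', $link);
// Value of the pressed submit button; compared against the delete button's label below.
$userUpdate = mysql_real_escape_string(isset($_POST['delete']) ? $_POST['delete'] : '', $link);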
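// Delete a user (the delete button posts the literal label '削除').
// A user who has any orders is only soft-deleted (isconfirm='2') and their
// confirmed orders that are still at least MIN_HOUR hours away are cancelled
// with the room's cancel fee; a user with no orders is removed outright.
// NOTE(review): orders are looked up by the posted accountName, not by userid,
// so an edited name field would miss them — confirm the form posts the stored name.
if ($userUpdate == '削除') {
	$countResult = mysql_query("SELECT COUNT(*) AS total FROM ".MYSQL_TABLE_ORDER." WHERE accountname = '".$accountName."'", $link);
	// COUNT(*) always yields exactly one row, so the row count of this result
	// says nothing about the user; the order count is the `total` column.
	$countRow = $countResult ? mysql_fetch_assoc($countResult) : false;
	$orderTotal = $countRow ? (int) $countRow['total'] : 0;
	if ($orderTotal > 0) {
		$query = "UPDATE ".MYSQL_TABLE_USERINFOR." 
					SET isconfirm ='2' 
					WHERE userid='$userId';";
		// $result holds the outcome of the user update; the order SELECT
		// below uses its own variable so the message at the end reports on
		// the right statement.
		$result = mysql_query($query, $link);
		$orders = mysql_query("SELECT * FROM ".MYSQL_TABLE_ORDER." 
        WHERE accountname = '".$accountName."' AND orderstatus ='1' 
        ORDER BY starttime DESC ", $link);
		if ($orders && mysql_num_rows($orders) != 0) {
			while ($row = mysql_fetch_array($orders)) {
				// $row[4] is presumably the starttime column the rows are
				// sorted by — confirm against the table layout.
				$t = strtotime($row[4]) - time() - MIN_HOUR*60*60;
				if ($t < 0) {
					// Sorted by starttime descending: every remaining order
					// is nearer still and cannot be cancelled either.
					break;
				}
				// Values read back from the database are escaped again
				// before being placed into another statement.
				$roomName = mysql_real_escape_string($row[2], $link);
				$orderId = mysql_real_escape_string($row[0], $link);
				$query1 = "UPDATE ".MYSQL_TABLE_ORDER." 
					SET orderstatus ='0', canceltime ='".date("Y-m-d")."', 
					fee =(SELECT cancelfee FROM ".MYSQL_TABLE_ROOMINFOR." WHERE roomname ='".$roomName."')   
					WHERE orderid='".$orderId."';";
				// NOTE(review): a failed cancellation is not reported; only
				// the user update's result reaches the message below.
				$result1 = mysql_query($query1, $link);
			}
		}
	} else {
		$query = "DELETE FROM ".MYSQL_TABLE_USERINFOR." WHERE userid='$userId';";
		$result = mysql_query($query, $link);
	}
	mysql_close($link);
	if (!$result) {
		print("<br><script type='text/javascript'> alert('".SQL_ERR_MESS."'); window.location ='SearchUser.php';</script> ");
		exit();
	} else {
		print("<br><script type='text/javascript'> alert('".USER_DEL_OK_MESS."'); window.location ='SearchUser.php';</script> ");
		exit();
	}
}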

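// Update the user record. The password is replaced only when the form sent a
// new one: '0' is the form's "unchanged" sentinel, and an empty field is
// treated the same way so that an empty password is never stored.
$passText = (string) $pass;
if ($passText === '' || $passText === '0') {
	$tempPass = "";
} else {
	// NOTE(review): $pass is the SQL-escaped value, so a password containing
	// quote or backslash characters is hashed with the escape characters
	// included; the login check has to hash it the same way. Unsalted sha1 is
	// what that check currently expects — moving to password_hash() /
	// password_verify() has to change both sides together.
	$tempPass = " password ='".sha1($pass)."',";
}
// Every interpolated value was escaped when it was read from the form.
$query = "UPDATE ".MYSQL_TABLE_USERINFOR." 
			SET accountname ='$accountName', name ='$fullName',".$tempPass." mail = '$mail', phone = '$phone', address='$address', isconfirm ='1', isadmin='".checkAdmin($isAdmin)."' 
			WHERE userid='$userId';";
$result = mysql_query($query, $link);
if (!$result) {
	print("<br><script type='text/javascript'> alert('".SQL_ERR_MESS."'); window.location ='SearchUser.php';</script> ");
	exit();
}

print("<br><script type='text/javascript'> alert('".USER_UPDATE_OK_MESS."'); window.location ='SearchUser.php';</script> ");
mysql_close($link);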
?>
</body>
</html>